ClawHub

Zoho Bigin

v1.0.3

Zoho Bigin API integration with managed OAuth. Manage contacts, companies, pipelines, and products in Bigin CRM. Use this skill when users want to read, create, update, or delete CRM records, search contacts, or manage sales pipelines. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway). Requires network access and valid Maton API key.

4· 11.8k·2 current·4 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the actual behavior: SKILL.md instructs the agent to call Maton gateway endpoints that proxy www.zohoapis.com/bigin/v2. Required env var (MATON_API_KEY) is directly relevant to using the Maton-managed OAuth gateway.
Instruction Scope
Instructions only show HTTP requests to https://gateway.maton.ai and https://ctrl.maton.ai and examples for creating/listing/deleting OAuth connections. The instructions do not ask the agent to read local files or unrelated environment variables. Note: all CRM traffic and OAuth token management flow through Maton endpoints, so Maton will see request/response data and manage OAuth tokens.
Install Mechanism
No install spec and no code files beyond SKILL.md and a license. Instruction-only skills have low install risk because nothing is written to disk by the skill itself.
Credentials
Only MATON_API_KEY is required — appropriate for a gateway-based integration. However, this single key grants Maton the ability to proxy Zoho API requests and (via the control endpoint) manage OAuth connections, so the user must trust Maton with CRM data and OAuth tokens.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system-level privileges or modify other skills/configs. Autonomous invocation is allowed by platform default but not combined with other concerning flags.
Scan Findings in Context
[NO_CODE_TO_SCAN] expected: The skill is instruction-only (SKILL.md). The regex scanner had no code files to analyze, so no code-based findings are present. Behavioral risks come from network interactions described in the instructions (Maton endpoints).
Assessment
This skill appears coherent for using Zoho Bigin through Maton's managed OAuth gateway. Before installing, confirm you trust maton.ai (they will see your CRM requests and hold OAuth tokens) and verify the publisher/registry entry since the skill's registry homepage is empty. Consider: 1) Use a Maton account with limited access and rotate the MATON_API_KEY if needed; 2) Review Maton's privacy/security and data retention policies; 3) When creating connections you will open a browser to authorize Zoho — ensure you complete that flow only on trusted devices; 4) If you prefer not to route CRM traffic through a third party, seek a skill that uses direct Zoho credentials or an official Zoho integration. If you can provide the skill's publisher homepage or repository, I can raise or lower my confidence accordingly.

Like a lobster shell, security has layers — review code before you run it.

latestvk9792jq38j8jwv932ygbfh1v1580w3bm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments